Naming Context Property Commands

This chapter explains how to display a list of accepted property names, and how to set, print, and remove the current value for a property. The commands can be issued using the REST API.

This command displays a list of accepted property names categorized by configuration type (LDAP proxy, database proxy, virtual tree, RadiantOne Universal Directory store, and persistent cache).

Usage: The following properties are available on all types of naming contexts:

• active
• datasourcebind
• datasourceupdate
• dsredirlocalwritemode
• noredirattr

The following properties are available only on LDAP proxies:

• accessrightoverride
• datasourcename
• dedicatedconn
• dnattributes
• filterexcluded
• filterincluded
• interceptionvalue
• isjoinoptimized
• islimitattributes
• mappedattributes
• mappedobjectclass
• masteridcache
• postprocisuffix
• postprocxfilter
• postprocxsuffix
• prefilter
• proxiedauthentication
• remotebasedn
• requestedattributes
• rolemappedaccess
• useclientsizelimit
• xjoin

The following property is available only on database proxies:

• datasourcename

The following property is available only on virtual trees:

• dvxname

The following properties are available only on RadiantOne Universal Directory stores:

• datasourcesforpush
• encryptedattr
• ensuredpush
• indexattr
• interclustrep
• location
• notindexattr
• sortedindex

The following properties are available only on persistent-cache naming contexts:

• cronexpressionperiodicrefresh
• datasourcesforpush
• encryptedattr
• ensuredpush
• interclustrep
• listenerenabled
• listenerattr
• location
• notindexattr
• sortedindex
• usecacheforauth
• validationthresholdperiodicrefresh
• validationscriptpathperiodicrefresh

REST (ADAP) Example

In the following example, a request is made to display a list of accepted property names.

https://<rli_server_name>:8090/adap/util?action=vdsconfig&commandname=list-prop

This command displays a list of the current naming contexts and their type.

Usage:
list-ctx [-dbproxy] [-hdap] [-http] [-instance <instance>] [-ldapproxy] [-pcache] [-root] [-virtualtree]

Command Arguments:

- dbproxy
Indicates that the list of naming contexts should include database proxies. - hdap
Indicates that the list of naming contexts should include RadiantOne Universal Directory (HDAP) stores. - http
Indicates that the list of naming contexts should include HTTP type stores. - instance <instance>
The name of the RadiantOne instance. If not specified, the default instance named vds_server is used. - ldapproxy
Indicates that the list of naming contexts should include LDAP proxies. - pcache
Indicates that the list of naming contexts should include persistent caches. - root
Indicates that only root naming contexts should be printed out. - virtualtree
Indicates that the list of naming contexts should include virtual trees.

REST (ADAP) Example

In the following example, a request is made to list the root naming contexts of database proxies, RadiantOne Universal Directory stores, LDAP proxies, and virtual trees.

https://<rli_server_name>:8090/adap/util?action=vdsconfig&commandname=list-ctx&dbproxy&hdap&ldapproxy&root&virtualtree

This command prints the current value for a given property on the specified naming context.

Usage:
get-ctx-prop -namingcontext <namingcontext> -prop <prop> [-cache] [-instance <instance>] [-mergedatasource <mergedatasource>] [-mergedn <mergedn>]

Command Arguments:

- namingcontext <namingcontext>
[required] The name of the naming context to get/set the property.

- prop <prop>
The name of the property to get/set. If this command argument is not specified, all properties for the specified naming context are displayed.

- cache
Indicates if you want to get/set the property on a naming context that is cached.

- instance <instance>
The name of the RadiantOne instance. If not specified, the default instance named vds_server is used.

- mergedatasource <mergedatasource>
The data source name of the LDAP proxy merge tree. This argument should be used with the - mergedn argument when specifying an LDAP proxy merge tree.

- mergedn <mergedn>
The remote base DN of the LDAP proxy merge tree. This argument should be used with the - mergedatasource argument when specifying an LDAP proxy merge tree.

REST (ADAP) Example

In the following example, a request is made to display the values for the dnAttributes property in an LDAP proxy.

https://<rli_server_name>:8090/adap/util?action=vdsconfig&commandname=get-ctx-prop&namingcontext=o=ldapproxy &prop=dnattributes

This command sets the value for a given property on the specified naming context.

Usage:
set-ctx-prop -namingcontext <namingcontext> -prop <prop> -value <value> [-cache] [-instance <instance>][-mergedatasource <mergedatasource>] [-mergedn <mergedn>]

Command Arguments:

- namingcontext <namingcontext>
[required] The name of the naming context to get/set the property.

- prop <prop>
[required] The name of the property to get/set.

- value <value>
[required] The value of the property to set.

- cache
Indicates if you want to get/set the property on a naming context that is cached.

- instance <instance>
The name of the RadiantOne instance. If not specified, the default instance named vds_server is used.

- mergedatasource <mergedatasource>
The data source name of the LDAP proxy merge tree. This argument should be used with the - mergedn argument when specifying an LDAP proxy merge tree.

- mergedn <mergedn>
The remote base DN of the LDAP proxy merge tree. This argument should be used with the - mergedatasource argument when specifying an LDAP proxy merge tree.

Examples

REST (ADAP)

In the following example, a request is made to enable Proxy Authorization for an LDAP proxy view mounted at o=ldapproxy.

https://<rli_server_name>:8090/adap/util?action=vdsconfig&commandname=set-ctx-prop&namingcontext=o=ldapproxy&prop=proxiedauthentication&value=true

Full Text Searching

To enable full text searching on a RadiantOne Universal Directory (HDAP) store or persistent cache naming context, use the “fulltextenabled” property. The syntax is shown below.

<RLI_HOME>/bin/vdsconfig.bat set-ctx-prop -namingcontext <naming context> -cache -prop fulltextenabled -value <true or false>

An example command for a naming context of “o=mytest” is:

vdsconfig.bat set-ctx-prop -namingcontext o=mytest -cache -prop fulltextenabled -value true

Persistent Cache Periodic Refresh Validation Threshold

To read the current threshold value configured for a persistent cache:

<RLI_HOME>/bin/vdsconfig.bat get-ctx-prop -namingcontext <naming context> -cache -prop validationthresholdperiodicrefresh

To set a new threshold value for a configured persistent cache:

<RLI_HOME>/bin/vdsconfig.bat set-ctx-prop -namingcontext <naming context> -cache -prop
validationthresholdperiodicrefresh -value <number from 0 to 100>

The validationthresholdperiodicrefresh property described above is a global setting and does not discriminate between add and delete operations. If you want to define a granular threshold for add operations, indicate the percentage in the validationaddthresholdperiodicrefresh property. If you want to define a granular threshold for delete operations, indicate the percentage in the validationdeletethresholdperiodicrefresh property. These values override the validationthresholdperiodicrefresh property for add and delete operations respectively. For example, if validationdeletethresholdperiodicrefresh contains a value of 25, and validationaddthresholdperiodicrefresh contains a value of 50, it means if the generated LDIF image contains 50% more entries or 25% less entries than the current cache image, the periodic persistent cache refresh is aborted for the current refresh cycle.

This command removes the value for the given property and sets it to empty on the specified naming context.

Usage:
unset-ctx-prop -namingcontext <namingcontext> -prop <prop> [-cache] [-instance <instance>] [-mergedatasource <mergedatasource>] [-mergedn <mergedn>]

Command Arguments:

- namingcontext <namingcontext>
[required] The name of the naming context to get/set the property.

- prop <prop>
[required] The name of the property to get/set.

- cache
Indicates if you want to get/set the property on a naming context that is cached.

- instance <instance>
The name of the RadiantOne instance. If not specified, the default instance named vds_server is used.

- mergedatasource <mergedatasource>
The data source name of the LDAP proxy merge tree. This argument should be used with the - mergedn argument when specifying an LDAP proxy merge tree.

- mergedn <mergedn>
The remote base DN of the LDAP proxy merge tree. This argument should be used with the - mergedatasource argument when specifying an LDAP proxy merge tree.

To get interception options configured on proxy views, use get-ctx-interception.

An example of using the command for a naming context of o=companyprofiles is shown below.

vdsconfig.bat get-ctx-interception -namingcontext o=companyprofiles

Usage: get-ctx-interception -namingcontext [-instance ] [-mergedatasource ] [-mergedn ]

Command Arguments:

- namingcontext <namingcontext>
[required] The naming context to get the configured interception options for.

- instance <instance>
The name of the RadiantOne instance. If not specified, the default instance named vds_server is used.

- mergedatasource <mergedatasource>
The data source name of the LDAP proxy merge tree. This argument should be used with the - mergedn argument when specifying an LDAP proxy merge tree.

- mergedn <mergedn>
The remote base DN of the LDAP proxy merge tree. This argument should be used with the - mergedatasource argument when specifying an LDAP proxy merge tree.

REST (ADAP) Example

In the following example, a request is made to retrieve interception script options configured on an LDAP proxy.

https://<rli_server_name>:8090/adap/util?action=vdsconfig&commandname=get-ctx-interception&namingcontext=o=ldapproxy

To set interception options on proxy views, use set-ctx-interception.

Below is an example of configuring an interception for bind, add and delete for a naming context of o=companyprofiles:

vdsconfig.bat set-ctx-interception -namingcontext o=companyprofiles -bind true -add true - delete true

The first time you use set-ctx-interception, a default interception script matching your naming context is generated in <RLI_HOME>\vds_server\custom\src\com\rli\scripts\intercept. You can always get the full path to the java file with get-ctx-interception.

After editing the Java file, the intercept.jar file must be rebuilt and the RadiantOne service must be restarted for the script to take effect. If deployed in a cluster, restart the RadiantOne service on all nodes.

Usage:
set-ctx-interception -namingcontext <namingcontext> [-add <true/false>] [-bind <true/false] [-search <true/false>] [-modify <true/false>] [-delete <true/false>] [-compare <true/false>] [-specialops <true/false>] [-srep <true/false>] [-instance <instance>] [-mergedatasource <mergedatasource>] [-mergedn <mergedn>]

Command Arguments:

- namingcontext <namingcontext>
[required] The naming context to get the configured interception options for.

- add <true/false>
A value of true indicates interception on add (insert) operations is enabled. A value of false means it is not enabled.

- delete <true/false>
A value of true indicates interception on delete operations is enabled. A value of false means it is not enabled.

- bind <true/false>
A value of true indicates interception on bin (authentication) operations is enabled. A value of false means it is not enabled.

- search <true/false>
A value of true indicates interception on search (select) operations is enabled. A value of false means it is not enabled.

- modify <true/false>
A value of true indicates interception on modify (update) operations is enabled. A value of false means it is not enabled.

- compare <true/false>
A value of true indicates interception on compare operations is enabled. A value of false means it is not enabled.

- specialops <true/false>
A value of true indicates interception on special operations (invoke) is enabled. A value of false means it is not enabled.

- srep <true/false>
A value of true indicates interception on search result entry processing (process result) operations is enabled. A value of false means it is not enabled.

- instance <instance>
The name of the RadiantOne instance. If not specified, the default instance named vds_server is used.

- mergedatasource <mergedatasource>
The data source name of the LDAP proxy merge tree. This argument should be used with the - mergedn argument when specifying an LDAP proxy merge tree.

- mergedn <mergedn>
The remote base DN of the LDAP proxy merge tree. This argument should be used with the - mergedatasource argument when specifying an LDAP proxy merge tree.

REST (ADAP) Example

In the following example, a request is made to set interception script options on an LDAP proxy view.

https://<rli_server_name>:8090/adap/util?action=vdsconfig&commandname=set-ctx-interception&namingcontext=o=ldapproxy&add=true&delete=false&bind=true&search=true&modify=true&specialops=false

Interception Values

If an interception script is enabled for a naming context, the interceptionvalue property reflects which operations are enabled. The table below details the base values and their meaning.

These base values can be used to calculate the value for the combinations of operations enabled. Add the values for the operations and the total is set for the interceptionvalue property. Some examples are shown in the table below.